-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
Jenkins 2.222.1
swarm-client 3.4 up through 3.19
-
-
3.20
When running the following command line:
/usr/bin/java -jar /tmp/swarm-client.3.19.jar \
-disableSslVerification \
-deleteExistingClients \
-disableClientsUniqueId \
-showHostName \
-noRetryAfterConnected \
-executors=7 \
-labels 'blftest' \
-master https://myjenkins.example.com \
-username jenkins \
-passwordEnvVariable ADMIN_PSW
I received the following output
Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client logArguments
INFO: Client invoked with: -deleteExistingClients true -disableClientsUniqueId true -disableSslVerification true -executors 7 -labels [blftest] -master https://myjenkins.example.com -noRetryAfterConnected true -passwordEnvVariable ADMIN_PSW -showHostName true -username *****
Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run
INFO: Discovering Jenkins master
Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run
SEVERE: IOException occurred
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <myjenkins.example.com> doesn't match any of the subject alternative names: [ingress.local]
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142)
at hudson.plugins.swarm.Client.run(Client.java:150)
at hudson.plugins.swarm.Client.main(Client.java:128)
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <myjenkins.example.com> doesn't match any of the subject alternative names: [ingress.local]
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142)
at hudson.plugins.swarm.Client.run(Client.java:150)
at hudson.plugins.swarm.Client.main(Client.java:128)
Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run
INFO: Retrying in 10 seconds
Not sure why the Subject Alternative name is even being checked when I specified "-disableSslVerification". I tried 'curl -k' and it works as expected.
- links to
[JENKINS-62033] Swarm client -disableSslVerification option does not disable SSL hostname verification
Brian Farrell
created issue -
Brian Farrell
made changes -
| Description |
Original:
When running the following command line: |
New:
When running the following command line: /usr/bin/java -jar /tmp/swarm-client.3.19.jar \ -disableSslVerification \ -deleteExistingClients \ -disableClientsUniqueId \ -showHostName \ -noRetryAfterConnected \ -executors=7 \ -labels 'blftest' \ -master https://myjenkins.example.com \ -username jenkins \ -passwordEnvVariable ADMIN_PSW I received the following output Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client logArguments INFO: Client invoked with: -deleteExistingClients true -disableClientsUniqueId true -disableSslVerification true -executors 7 -labels [blftest] -master https://myjenkins.example.com -noRetryAfterConnected true -passwordEnvVariable ADMIN_PSW -showHostName true -username ***** Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run INFO: Discovering Jenkins master Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run SEVERE: IOException occurred javax.net.ssl.SSLPeerUnverifiedException: Certificate for <myjenkins.example.com> doesn't match any of the subject alternative names: [ingress.local] at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142) at hudson.plugins.swarm.Client.run(Client.java:150) at hudson.plugins.swarm.Client.main(Client.java:128) javax.net.ssl.SSLPeerUnverifiedException: Certificate for <myjenkins.example.com> doesn't match any of the subject alternative names: [ingress.local] at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) at shaded.org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) at shaded.org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) at shaded.org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) at shaded.org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) at shaded.org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at shaded.org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) at shaded.org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at shaded.org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at shaded.org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at shaded.org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at hudson.plugins.swarm.SwarmClient.discoverFromMasterUrl(SwarmClient.java:142) at hudson.plugins.swarm.Client.run(Client.java:150) at hudson.plugins.swarm.Client.main(Client.java:128) Apr 23, 2020 6:58:15 PM hudson.plugins.swarm.Client run INFO: Retrying in 10 seconds Not sure why the Subject Alternative name is even being checked when I specified "-disableSslVerification". I tried 'curl -k' and it works as expected. |
Basil Crow
made changes -
| Summary | Original: swarm-client -disableSslVerification does not skip searching subject alternative names | New: Want a way to disable SSL hostname verification |
Basil Crow
made changes -
| Summary | Original: Want a way to disable SSL hostname verification | New: Swarm client -disableSslVerification option does not disable SSL host verification |
Basil Crow
made changes -
| Summary | Original: Swarm client -disableSslVerification option does not disable SSL host verification | New: Swarm client -disableSslVerification option does not disable SSL hostname verification |
Basil Crow
made changes -
| Assignee | New: Basil Crow [ basil ] |
Basil Crow
made changes -
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
Basil Crow
made changes -
| Status | Original: In Progress [ 3 ] | New: In Review [ 10005 ] |
Basil Crow
made changes -
| Remote Link | New: This issue links to "jenkinsci/swarm-plugin#200 (Web Link)" [ 24872 ] |
Thanks for reporting this, blf. I've opened jenkinsci/swarm-plugin#200 with a fix. Can you please try this snapshot build and confirm that the issue is resolved?